公开(公告)号：US11308123B2

公开(公告)日：2022-04-19

申请号：US16888240

申请日：2020-05-29

Applicant: Amazon Technologies, Inc.

Inventor： Alazel Acheson ,  Christopher Ryan Baker ,  Mahendra Manshi Chheda ,  James Robert Englert ,  Meng Li ,  Srikanth Mandadi ,  Slavka Praus ,  Colin Watson

IPC: G06F16/27 ,  G06F16/22 ,  G06F16/23

Abstract: Updates to a hierarchical data structure may be selectively replicated to other replicas of the hierarchical data structure. An update for a hierarchical data structure may be received and committed to the hierarchical data structure. A determination as to whether any other replicas of the hierarchical data structure have permission to receive the update may be made. For those replicas of the hierarchical data structure with permission to receive the update, the update may be provided to the replicas and committed to the replicas. Different types of replication techniques may be implemented, such as pull-based replication techniques or push-based replication techniques. Replication permissions for objects of the hierarchical data structure may be individually defined, in some embodiments.

公开(公告)号：US20200293550A1

公开(公告)日：2020-09-17

申请号：US16888240

申请日：2020-05-29

Applicant: Amazon Technologies, Inc.

Inventor： Alazel Acheson ,  Christopher Ryan Baker ,  Mahendra Manshi Chheda ,  James Robert Englert ,  Meng Li ,  Srikanth Mandadi ,  Slavka Praus ,  Colin Watson

IPC: G06F16/27 ,  G06F16/22 ,  G06F16/23

Abstract: Updates to a hierarchical data structure may be selectively replicated to other replicas of the hierarchical data structure. An update for a hierarchical data structure may be received and committed to the hierarchical data structure. A determination as to whether any other replicas of the hierarchical data structure have permission to receive the update may be made. For those replicas of the hierarchical data structure with permission to receive the update, the update may be provided to the replicas and committed to the replicas. Different types of replication techniques may be implemented, such as pull-based replication techniques or push-based replication techniques. Replication permissions for objects of the hierarchical data structure may be individually defined, in some embodiments.

公开(公告)号：US10277569B1

公开(公告)日：2019-04-30

申请号：US14958888

申请日：2015-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Marc R. Barbour ,  Khaled Salah Sedky ,  Slavka Praus ,  Srikanth Mandadi

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L29/08

Abstract: Techniques for using short-term session credentials across regions are described herein. A first request for resources generated using a short-term session credentials and digitally signed with a digital signature. The request is generated in a first region and received in a second region. In response to the request, a second request is generated in the second region to validate the first request. A new session token that is usable in the second region is generated and returned to the second region. The new session token can then be used in the second region to fulfill the first request.

公开(公告)号：US11157517B2

公开(公告)日：2021-10-26

申请号：US15132098

申请日：2016-04-18

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Matthew Berry ,  Slavka Praus ,  Chris Baker ,  Marvin Michael Theimer ,  Anders Samuelsson ,  Khaled Salah Sedky

IPC: G06F16/27 ,  G06F16/28 ,  G06F16/23 ,  G06F16/18 ,  G06F16/901

Abstract: A distributed data store may maintain versioned hierarchical data structures. Different versions of a hierarchical data structure may be maintained consistent with a transaction log for the hierarchical data structure. When access requests directed to the hierarchical data structure are received, a version of the hierarchical data structure may be identified for processing an access request. For access requests with snapshot isolation, the identified version alone may be sufficient to consistently process the access request. For access requests with higher isolation requirements, such as serializable isolation, transactions based on the access request may be submitted to the transaction log so that access requests resulting in committed transactions may be allowed, whereas access requests resulting in conflicting transactions may be denied.

公开(公告)号：US20200329041A1

公开(公告)日：2020-10-15

申请号：US16912490

申请日：2020-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Khaled Salah Sedky ,  Slavka Praus ,  Marc R. Barbour

IPC: H04L29/06 ,  H04L9/32

Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.

公开(公告)号：US10701071B2

公开(公告)日：2020-06-30

申请号：US15890978

申请日：2018-02-07

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Khaled Salah Sedky ,  Slavka Praus ,  Marc R. Barbour

IPC: H04L29/06 ,  H04L9/32

Abstract: A request is received by a user in a second region. The request, which is digitally signed with credential associated with the user in the second region causes the generation of a session credential that includes a session key. The user in the second region can use the session credentials to access the resources in the first region.

公开(公告)号：US10671639B1

公开(公告)日：2020-06-02

申请号：US15475031

申请日：2017-03-30

Applicant: Amazon Technologies, Inc.

Inventor： Alazel Acheson ,  Christopher Ryan Baker ,  Mahendra Manshi Chheda ,  James Robert Englert ,  Meng Li ,  Srikanth Mandadi ,  Slavka Praus ,  Colin Watson

IPC: G06F16/18 ,  G06F16/27 ,  G06F16/22 ,  G06F16/23

Abstract: Updates to a hierarchical data structure may be selectively replicated to other replicas of the hierarchical data structure. An update for a hierarchical data structure may be received and committed to the hierarchical data structure. A determination as to whether any other replicas of the hierarchical data structure have permission to receive the update may be made. For those replicas of the hierarchical data structure with permission to receive the update, the update may be provided to the replicas and committed to the replicas. Different types of replication techniques may be implemented, such as pull-based replication techniques or push-based replication techniques. Replication permissions for objects of the hierarchical data structure may be individually defined, in some embodiments.

公开(公告)号：US10608824B1

公开(公告)日：2020-03-31

申请号：US15402063

申请日：2017-01-09

Applicant: Amazon Technologies, Inc.

Inventor： Slavka Praus ,  Matthew John Campagna ,  Nicholas Alexander Allen ,  Petr Praus

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: A first public key is generated based at least in part on a first plurality of signing keys and a second public key is generated based at least in part on a second plurality of signing keys. The signing keys may be used to generate digital signatures. The second public key may be made available to verify a digital signature generated using a signing key from the second plurality of signing keys. In some cases, a first Merkle tree may be formed by the first public key and the first plurality of signing keys, and a second Merkle tree may be formed by the second public key, the first public key, and the second plurality of signing keys.

公开(公告)号：US20180183793A1

公开(公告)日：2018-06-28

申请号：US15890978

申请日：2018-02-07

Applicant: Amazon Technologies, Inc.

Inventor： Srikanth Mandadi ,  Khaled Salah Sedky ,  Slavka Praus ,  Marc R. Barbour

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0876 ,  H04L9/3247 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/0807 ,  H04L63/20

Abstract: A request is received by a user in a second region. The request, which is digitally signed with credential associated with the user in the second region causes the generation of a session credential that includes a session key. The user in the second region can use the session credentials to access the resources in the first region.

公开(公告)号：US09900160B1

公开(公告)日：2018-02-20

申请号：US14958872

申请日：2015-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Marc R. Barbour ,  Khaled Salah Sedky ,  Srikanth Mandadi ,  Slavka Praus

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3247 ,  H04L9/0861 ,  H04L63/0442 ,  H04L63/045 ,  H04L63/062 ,  H04L63/068 ,  H04L63/126

Abstract: Techniques for using short-term credentials using asymmetric session keys are described herein. A request for a short-term credential is received that is digitally signed with a different credential. In response to the request, short-term credential data is generated and populated with a public session key corresponding to a private session key. The short-term credential data is then encrypted with a session encryption key to produce the short-term credential token, which can then be used by the requester as a short-term credential for subsequent requests.